Block Domain Names In IPTABLES

gczman · Oct 16, 2008

I was wondering if there is any way to block domain names using IPTABLES?? Or do I need to use a different firewall solution to be able to do that?

thedaver · Oct 16, 2008

BLock domain names from doing what? coming in, going out, specific protocols/ports, specific days? what is it you want?

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

IRudebwoy · Oct 16, 2008

From the man:

man iptables said:
... Address can be either a network name, a hostname (please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea), a network IP address (with /mask), or a plain IP address. ...

You could do it but your DNS server(s) may get DoS'd by the firewall doing all those lookups.

[pipe]

IRudebwoy · Oct 16, 2008

And you can't block entire domains like *.microsoft.com and similar, that's what web proxies are for.

gczman · Oct 19, 2008

I was just wanting to block a domain name instead of single ip addresses. This would be incoming on any port.

zeland · Oct 20, 2008

While you may not be able to block a single domain, you could try to look up the IP address(es) in one of iana.net registrars and block the whole ISP range of your offender.

--== Anything can go wrong. It's just a matter of how far wrong it will go till people think its right. ==--

gczman · Oct 20, 2008

Thanks, looks like that is what I am going to have to do at this point.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Block Domain Names In IPTABLES

gczman

ISP

thedaver

IS-IT--Management

IRudebwoy

IS-IT--Management

IRudebwoy

IS-IT--Management

gczman

ISP

zeland

IS-IT--Management

gczman

ISP

Similar threads

Part and Inventory Search

Sponsor